---
title: DifySandbox
---

### Introduction

`DifySandbox` is a lightweight, fast, and secure code execution environment that supports multiple programming languages, including Python and Node.js. It serves as the underlying execution environment for various components in Dify Workflow, such as the Code node, Template Transform node, Jinja2 syntax in LLM nodes, and the Code Interpreter in Tool nodes. DifySandbox ensures system security while enabling Dify to execute user-provided code.

### Features
- **Multi-language Support**: DifySandbox is built on Seccomp, a system-level solution that enables support for multiple programming languages. Currently, it supports Python and Node.js.
- **System Security**: It implements a whitelist policy, allowing only specific system calls to prevent unexpected security breaches.
- **File System Isolation**: User code runs in an isolated file system environment.
- **Network Isolation**:
    - **DockerCompose**: Utilizes a separate Sandbox network and proxy containers for network access, maintaining intranet system security while offering flexible proxy configuration options.
    - **K8s**: Network isolation strategies can be directly configured using Egress policies.

### Installation Dependencies

Before installing and deploying the DifySandbox project, ensure your system meets the following dependency requirements:

1. **System Dependencies**

Execute the appropriate commands based on your Linux distribution to install necessary system components:

- Ubuntu/Debian

```bash
sudo apt-get update
sudo apt-get install pkg-config gcc libseccomp-dev git wget
```

- CentOS

```bash
sudo yum install pkgconfig gcc libseccomp-devel git wget
```

2. **Go Environment**

Install Go development environment (recommended Go 1.20.6 or higher):

```bash
# Install Go 1.20.6
sudo apt-get install -y golang-1.20.6
```

Verify installation:

```bash
go version  # Displays the installed Go version
```

3. **Python Environment Configuration**

**Sandbox Environment Preparation**

Python 3.10 or higher is recommended.

**Pre-installed Dependency Management**

DifySandbox comes pre-configured with the following Python dependencies:

- `http` - Basic networking library
- `jinja2` - Template engine for LLM prompt processing
- `requests` - HTTP client library

**Adding Custom Dependencies**

If you need additional Python dependencies, follow these steps:

1. Locate the `dependencies/python-requirements.txt` file in the project root directory.
2. Add the required package names and versions to the file. If permission changes are involved, refer to the [FAQ](https://github.com/langgenius/dify-sandbox/blob/main/FAQ.md).
3. Rebuild DifySandbox.

<Warning>
    Adding new dependencies may introduce additional permission requirements. Please carefully evaluate security implications. Do not change permission configurations if you cannot fully assess the potential security risks.
</Warning>

### Contribution

You can refer to the [Contribution Guide](contribution) to participate in the development of `DifySandbox`.

{/*
Contributing Section
DO NOT edit this section!
It will be automatically generated by the script.
*/}

---

[Edit this page](https://github.com/langgenius/dify-docs/edit/main/en/development/backend/sandbox/README.mdx) | [Report an issue](https://github.com/langgenius/dify-docs/issues/new?template=docs.yml)

